=== The AVX bug on amd64

Commit: gitref:73b357be92385cbb70ba19e7023a736af2c6b493[repository=src] URL: link:https://cgit.freebsd.org/src/commit/?id=73b357be92385cbb70ba19e7023a736af2c6b493[https://cgit.freebsd.org/src/commit/?id=73b357be92385cbb70ba19e7023a736af2c6b493]

Contact: Konstantin Belousov <kib@FreeBSD.org>

Some CPUs support the so called init optimization for XSAVE, but not all CPUs
do.  And when they do, 'according to complex internal microarchitectural
conditions', the optimization might happen or not.  Basically, this
means that sometimes the CPU does not write all of the state on
XSAVE and records in xstate_bv that it did not.

On signal delivery, the OS provides the saved context interrupted by
the signal to the signal handler.  The context includes all CPU state
available to userspace, including FPU registers (XSAVE area).  Also,
on return from the signal handler, context is restored, which
allows the handler to modify the main program flow.
When init optimization kicks in, the OS tries to hide init state
optimization from the signal handler, by filling non-saved parts of
the XSAVE area.

This is where the problem happens.  For states parts 0 (x87) and 1
(SSE/XMM), Intel CPUs do not provide an enumeration of layout in CPUID,
assuming that the OS knows about the regions anyway. The bug was that
the amd64 kernel hardcoded a 32bit size for the XMM save area, effectively
filling %XMM8-%XMM15 with garbage on signal return when init
optimization kicked in, because only specified part of the SSE save
area was copied from the canonical save area.

Sponsor: The FreeBSD Foundation
